Noticias

IBM has obtained concurrently the certification of conformity with the National Security Scheme (ENS) in HIGH category and the LEET Security rating with AAA level for the Public Cloud services based on its European Union CPDs. The multinational has obtained both through an audit process that unifies the evaluation of the security measures contemplated in both schemes.

For the achievement of the two accreditations, LEET Security has assessed, not only the operation according to the certified security management system followed by IBM for these same services, but also the level of robustness and strengh of the security measures themselves implemented for the rated services, as well as the ability to recover in the event of incidents, thus providing IBM customers with clear and transparent information about the security of their services.

The technological multinational thus takes another step in the ...
(Read more)

This post is only available in Spanish

This post is only available in Spanish

This post is only available in Spanish

This post is only available in Spanish

This post is only available in Spanish

This post is only available in Spanish

This post is only available in Spanish

This post is only available in Spanish

This post is only available in Spanish

This post is only available in Spanish

This post is only available in Spanish

This post is only available in Spanish

This content is only available in Spanish.

This post is only available in Spanish

This content is only available in Spanish.

The security of the supply chain is becoming one of the most important aspects on the agenda of many organizations. This may be due to regulatory impositions, as is the case of financial institutions, on the part of both the European Central Bank (ECB) and the European Banking Authority (EBA), or also due to a growing awareness of the impact that the supply chain has on the business itself. And this awareness has a lot to do with the application of the European General Data Protection Regulation, which explicitly obliges the controllers to ensure that the third parties to whom they subcontract the processing of the data in their possession comply with the security measures that the responsibles should demand them.

Although, in fact, the concern for the supply chain extends beyond the personal data, since from that chain also ...
(Read more)

This entry is only available in Spanish

Sorry, this entry is only available in Spanish.

This post is only available in Spanish.

This entry is only available in Spanish.

We have heard some news in these first months of 2018 related to the National Security Scheme (ENS), mandatory compliance framework in terms of IT security in Public Administration  field.

In February, LEET Security was accredited as certification entity in accordance with the ENS, and in April the approval resolutions of two new Technical Security Instructions were published in the Official Government Bulletin; whose objective is to properly develop the implementation of requirements and measures included in the ENS (Royal Decree 3/2010). 

On the one hand, the resolution of March 27, 2018 approves the Technical Security Instruction for Information Systems Security Audit  (BOE-A-2018-4573). And secondly, the resolution of April 13, 2018 approves the Technical Security Instruction for Security Incidents Notification  (BOE-A-2018-5370). 

The purpose of the Audit Security Technical Instruction is to establish the conditions for carrying out the ...
(Read more)

This entry is only avalable in Spanish

Spanish digital services multinational Stratesys has obtained the Cybersecurity rating from LEET Security, which credits its effectiveness and quality in the development, support and maintenance of applications on the virtual environment of its clients. This certification shows the effective application by the consulting company of a high control framework and security measures in the three evaluated dimensions: confidentiality, integrity and availability.

The rating recognizes not only Stratesys' operations in terms of security management but also endorses the level of robustness and rigor of the security measures with which it provides remote services for support and maintenance of applications.

In this sense, Andreas Makrandreou, partner-director of Stratesys, assures that "the recognition of LEET Security is a guarantee of reliability and excellence in all the processes of management and execution of projects and services that we are providing to our clients. In ...
(Read more)

This content is exclusively available in Spanish

The long time expected self-assessment tool

Finally, it is here. For some time now, our clients and other entities interested in rating have been asking us for a simpler form, but keeping all the rigor incorporated within our methodology, to carry out the evaluation of their cybersecurity levels online.

And this is what we have done, incorporating all the controls and algorithms used in the qualification, within the E-Qualify tool, to carry out the analysis in a self-assessment format.

E-Qualify contains the complete rating framework, which allows the assessment of all aspects related to security in the provision of its services, covered in the 14 domains and 76 sections of the methodology, to provide the result based on the answers provided during the process. The evaluation report includes not only the global score, in the three dimensions of Confidentiality, Integrity ...
(Read more)

This notice in only available in Spanish.

We are sorry. This entry is not available in English.

Last April, 27, LEET Security participate in the Club de la Excelencia en Gestión section at program Pulso Empresarial with Antonio Ramos, together with Miquel Romero i Grané, Members and Knowledge Director to present the resutls of the Study 'Corporations and Cybersecurity'.

During the interview, we review the more relevant results of this Study, together with a short and clear explanation of key points of security rating: what is security rating? What elements are assessed? What is the meaning of rating?... And, also, some reflections on the impact of new privacy regullation (GDPR), cybersecurity accountability in corporations or, even, how rating could be incorporated into corporate compliance.

Interview can be hear in the followink ling from minute 30 ahead (in Spanish): link to the podcast and the CEG review of the interview at this link.

In this webinar organized by Valencia Chapter of ISACA, we share the paper given by Antonio Ramos in CSX2016 Europe event organized by ISACA in London, past October. As stated in the title, we will address the options an organization has to know, to understand and to manage the cyber risk of relationships with third parties, both providers and partners, connected and non-connected services and, of course, taking into account the organization risk appetite.

In this link you can register and, in the following days, we will also share the record of the webinar for being watched in the future... (link to recorded session)

¡¡Join us!!

Last May, 14 and related to the recent incident on Friday known as WannaCry, Founder Partner of LEET Security, Antonio Ramos, has been interviewed for the News, both in La 1 and Telecinco channels.

In the following links, we include reference to both media:

• Telediario of La 1 - Sección A la carta
• Informativos of Telecinco - Archivo de Fin de Semana 

¡¡Sorry, this content is only in Spanish!!

Sorry! This information is only available in Spanish...

This notice is not available in English

The reference event to which every professional must assist

Free access. You can downlowd the full program and register here.

After Snowden, some days ago media published a new case. Again, a Booz Allen Hamilton employe has been charged of secrets theft. It is not clear yet, if he has passed this documents, if he is a spy o if, simply, he was storing that information.

Read more about these news in our journal "Information Security rating and labeling magazine" or at:

The New York Times, "N.S.A. Contractor Arrested in Possilbe New Thef of Secrets"

Schneier on Security, "NSA Contractor arrested for Stealing Classified Information"

HelpNetSecurity, "Why attaching security to each piece of data is critical"

Forbes, "After Snowden, Another Booz Allen Contractor Accused of Stealing NSA Files"

SecurityAffairs, "Once again an NSA contractor is the headlines for the alleged theft of secret exploit codes and highly confidential documents"

Not available in English. Please, select the Spanish version

[Sorry, this article is only in Spanish!!]

The paper presented by LEET Security to Iberoamerican Congress of ICT Governance and Advanced Management (gigaTIC16), "(Security) Vendor Risk Management: You cannot live without it", has been selected by the organizing committee of ISACA Barcelona and itSMF España at Catalonia. Therefore, next April, 28th at Telefónica Difital 00 Auditorium in Barcelona, we will have the opportunity to share how security rating can be used in vendor risk mamagement processes.

In our presentation, we will analyze how the growing dependency of third parties due to tendencies like digital transformation or shadow IT, makes necessary to analyze and manage the cybersecurity risk of that vendors. And, once you hace to manage third party risks, we will explore how security rating improves effectiveness and efficiency of this process allowing managing a high numer of vendors with a very adjusted resources allocation ...
(Read more)

Sorry. Not available in English.

Sorry! The information about this event is only in Spanish.

Next March, 18th, European Commission is hosting a workshop on cloud security with the subtitle: "Building Trust in Cloud Services - Certification and Beyond". The workshop will be facilitated by the European Commission and will focus on the following issues:

• Cloud Security in the context of European Commission initiatives
• Network & Information Security Directive and Cloud Computing Services
• Best Practice: Risk Management of cloud computing services
• Transparency: Incident Notification and Information Sharing for cloud computing services
• Recognition: Cloud Certification Schemes & Assurance Levels
• Impact Factors: Service Authentication, Law Enforcement Access, and Export Controls on cloud services

In each session throughout the day, panels of experts in cloud computing will touch on their own experience to convey their perspective of these issues. Participants will be invited to actively discuss their own experience of these issues and together prioritise mechanisms to address them.

LEET Security ...
(Read more)

On December 30, 2015, Aiuken Solutions achieved the rating seal of its services under the assessment and labeling methodology by LEET Security.

Aiuken has addressed the rating of services provided from its managed security center (SOC), consisting of "Managed Security Services" (which include data protection services, IT systems operation and threat management), “Web Application Firewall (WAF) services” and the "Anti-DDoS services", obtaining in all of them the triple C C C rating, which demonstrates the effective implementation of a large framework of control and security measures in all three evaluated dimensions (CIA: confidentiality, integrity and availability).

LEET Security rating evaluates beyond operational practices according to a ISMP, but the level of robustness and rigor of their own security measures implemented into the services and the resilience in case incident, providing Aiuken’s customers with a clear and transparent information on ...
(Read more)

INCIBE, entity under Ministry of Industry, Energy and Tourism, and LEET Security, have signed a collaboration agreement to jointly develop a cybersecurity capability building model for industrial systems and applicable to strategic and critical infrastructures.

LEET Security has acceded to the Collaboration Agreement "Smart City" of Móstoles City Council with the project " Reliable and Cybersecure Smart City" that seeks to assure that technological services that support smart city projects started in the town are trustworthy.

This project will develop, firstly, a pilot phase with ICT services users related with Mostoles City Council and associated entities to evaluate and identify the cybersecurity requirements that should be added to those ICT services in order to provide confidence and privacy conditions to the information managed.

And, secondly, special conditions will be offered to ICT service providers located in Mostoles for adhering to security rating and labelling services, so that Mostoles town will become a pole of attraction for technological service providers that would bid for transparency and cibersecurity as they would become a reference at an European ...
(Read more)

Rural Servicios Informáticos (RSI), entity that provides core banking services to Rural Groupo and other financial entities, has become first organization in rate the security of services provided gaining a B B A label according to LEET Security rating system.

RSI has become the first organization in gaining the rating security label offered by LEET Security.

RSI has undergone the rating of its 3 main services offered ('Services to Members', 'Services to Third Parties' and 'Internal Services') obtaining in all of them the level B B A. This rating level shows the effective application of a high control framework and security measures in the three dimensiones rated (confidenciality, integrity and availability).

The innovative security rating service offered by LEET Security provides information to RSI clients about security measures implemented, as well as its reponsed capacity in case of incident ...
(Read more)

INCIBE (Instituo Nacional de Ciberseguridad) has just published leet security rating mechanism in its website section "Make Trustworthy Business". This publication entails an analysis process by INCIBE abouth mechanism characteristics that ends with the publication of a summary of the main system characteristics in the website (link). 

As general summary, as stated in the information published by INCIBE, "this labeling / kite mark implies a rating of the provider being reviewed [the one that provides the service rated]. Therefore is quite important to check the rating of the label. This rating, refering to three dimensions of security, rates from A to E. In this scale, A means a higher security and maturity than E."

From leet security we would like to thank INCIBE by the willingness to add our security labeling mechanism to this section of its website due to the ...
(Read more)

Interview [in Spanish] to our CEO, Antonio Ramos, in Group of Research of Bioinformatic, Intelligent Systems, Educational Technology Department of University of Salamanca.

Link

Evicertia understands the importance of provide transparency to the security they implement in their services and, for that reason, it has relied on leet security rating system to label the security of all its services.

eVicertia (Evidencias Certificadas, SL), in his continuous efforts in security, understands that transparency is essential to build up trust with its users and, for that reason, it has decided to become the first company in adopt the rating system proposed by leet security, rating agency.

Thanks to this agreement, eVicertia and leet security will work together to verify the applicability of rating guide in all the services of certified notification provided by eVicertia (eviNotice, eviMail, eviSign y eviSMS) and the use of this security labeling system in these services.

Full text of press release (in Spanish) [PDF]

Antonio Ramos, CEO of security rating agency will participate in the 1st Workshop of Research in ICT Security Technologies organized by AEI Seguridad next 30th, November in León (Spain). The title of the paper that will be presented by our CEO in this Workshop is "Application of rating models to cloud services security assessments". We hope you in León...

Antonio Ramos, CEO of  security rating agency will participate in the first edition of  Segurinfo organized by Usuaria Association in Spain the next 21st of November in the Palacio de Congresos (Madrid). Conference talks are organized in two tracks, one about security economics and other about cybersecurity and our CEO participation will be "Buying security services" and will talk about utilization of security rating for solving asymmetric information issues in ICT services. We will see you there...

Antonio Ramos, CEO of  security rating agency will present the session "Rating cloud services security" inside the Conference VISION12 organized by itSMF Spain the following 19th and 20th of November in Madrid.

In this link you will find the register page for if you are interested in being with us...

Antonio Ramos, CEO of security rating agency and author of blog Carpe Diem will be at 6th Edition of  ENISE - Encuentro Internacional de SEguridad de la Información (Information Security International Meeting) that INTECO organizes annually at León (Spain).

Specifically, Antonio Ramos will participate in the session "Security bloggers meeting 2012" that will takes place on 23th between 18:30 and 20:30.

Leet security, security rating agency, expands its agreements with Spanish technology Associations

Thanks to the collaboration with ANEI - National Association of Companies in Internet, now members of this association can access security rating services offered by leet security under special conditions

Full text of the press release [in Spanish]

Enlace al texto completo de la noticia

Enlace al texto completo de la noticia

EuroCloud España, consciente de las garantías demandadas por los usuarios acerca de la seguridad y confidencialidad de los datos almacenados en la Nube, ha firmado un acuerdo de colaboración con la agencia de calificación de servicios TIC, Leet Security, para facilitar el acceso de sus asociados a este sistema de generación de confianza.

La calificación ofrecida por Leet Security sobre los asociados de EuroCloud España contará con el respaldo de la organización de cloud computing y estará disponible para su consulta. De esta manera, aquellos interesados en contratar soluciones de cloud computing podrán comparar antes de contratar un servicio la confidencialidad, integridad y disponibilidad ofrecida por distintos los proveedores y elegir entre ellas según sus propias necesidades.

El sistema de calificación para la contratación de servicios TIC desarrollado ...
(Read more)

Ayer, día 29 de mayo, tuvo lugar la inauguración oficial del Vivero de Empresas de Móstoles con la presencia del Alcalde de Móstoles, Daniel Órtiz (@danielortizesp) y la Ministra de Empleo y Seguridad Social, Fátima Bañez (@FatimaBanez). Después de la inauguración y antes de los discursos institucionales, tuvimos la suerte de contar con la visita de la comitiva liderada por la Señora Ministra a nuestras instalaciones en el Vivero. Os dejamos con los vídeos de la visita:

• Vídeo oficial del Ministerio de Empleo y Seguridad Social

• Vídeo de la Agencia de Noticias europapress (enlace).

itSMF España junto a la Universidad Carlos III de Madrid, la Universidad de Oviedo y la Universidad de Extremadura organizan el próximo 28 de mayo, el Academic ITGSM12: VII Congreso Académico Internacional en Gobierno y Gestión del Servicio de las Tecnologías de la Información (TI).

El Congreso Academic ITGSM12 se centra en pedir a la comunidad Académica y de las empresas más innovadoras que compartan su visión, investigaciones y trabajos que ayuden a impulsar al tejido empresarial a avanzar ante este nuevo reto. Siguiendo esta línea argumental, la temática del congreso se agrupará en torno a las últimas prácticas, experiencias e investigaciones del Gobierno y la Gestión del Servicio de unas tecnologías de la información que son clave para la sociedad y la economía ...
(Read more)

El próximo jueves, 26 de abril, a las 19:00, participaremos en la conferencia organizada por la Asociación de Titulados Universitarios Oficiales en Informática (ALI) y el Colegio Profesional de Ingenieros Técnicos en Informática de la Comunidad de Madrid (CPITICM) en el Salón de Grados de la Facultad de Informática de la UPM ubicada en el campus Sur (Ctra. Valencia, km. 7)

Título: Conferencia ALI - CPITICM: "La calificación de seguridad TIC" Lugar: Sala de grados Escuela Universitaria de Informática - Campus Sur UPM (Ctra. Valencia, km. 7 - Madrid) Hora de Inicio: 19:00 Date: 2012/04/26 Hora de Finalización: 21:00

Nos hemos decidido a crear también nuestra página en Google+. A partir de ahora podrás encontrarnos también aquí: leet security en Google+

El regidor de Móstoles, que ha entregado las llaves de las oficinas, ha resaltado la vocación de los emprendedores seleccionados en la búsqueda de nuevos yacimientos de empleo, ideas relacionadas con las nuevas tecnologías y las redes sociales y, en general, de proyectos alejados de la oferta productiva habitual. El Alcalde de Móstoles, Daniel Ortiz, ha destacado el perfil innovador y pionero de los sectores laborales de los emprendedores que radicarán sus negocios en el nuevo Vivero de Empresas. El regidor, que ha entregado las llaves de las oficinas, ha resaltado la vocación de los emprendedores seleccionados en la búsqu3eda de nuevos yacimientos de empleo, ideas relacionadas con las nuevas tecnologías y las redes sociales y, en general, de proyectos alejados de la oferta productiva habitual. Enlace a la noticia original

Magazine article by SIC describing the rating system and discuss its applicability to the procurement of ICT services. Link to the magazine article

If you think your service provider is going to take care of everything, then you have another thing coming. Dark reading - Tech Center: Cloud Security. Jun 03, 2011